High severity7.8NVD Advisory· Published Nov 11, 2016· Updated May 6, 2026

CVE-2016-9274

Description

Untrusted search path vulnerability in Git 1.x for Windows allows local users to gain privileges via a Trojan horse git.exe file in the current working directory. NOTE: 2.x is unaffected.

Affected products

Git For Windows Project/Git For Windows
cpe:2.3:a:git_for_windows_project:git_for_windows:*:*:*:*:*:*:*:*
Range: >=1.0.0,<=1.9.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/git-for-windows/git/issues/944nvdIssue TrackingPatchVendor Advisory
www.youtube.com/watchnvdExploit
www.securityfocus.com/bid/94289nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000